Saviynt Blog | Security News and Research

4 Cybersecurity Lessons We Can Learn From Football

作成者: Devon Tackels|2024/07/09 7:05:40

On Sunday, February 7, 2021 something huge will occur that hasn’t happened in 13 years. Spoiler Alert: it involves the Kansas City Chiefs, the Tampa Bay Buccaneers, and Raymond James Stadium in Tampa, Florida. If you guessed the Super Bowl hosted in Tampa, Florida then you’ve earned a cool +20 points. 

What you may not know is that several of the concepts and life lessons that are crucial to America’s treasured sport are also applicable to your information security strategy. Let’s explore a few of these lessons that can help strengthen your cybersecurity program. 

Lesson 1: Defense Wins Championships

An old football adage is that “offense wins games while defense wins championships.” In cybersecurity, this also rings true. While the offense is flashy and will fill stadium seats, it is the defense that keeps the other team from scoring. 

But unlike football, a single score for the bad guys in infosec is a loss for you. A solid defense that is crafted for the long haul — and not any one specific incident — will help keep the bad guys out. To do this, the team needs to be consistent and reliable in how they handle day-to-day tasks and follow incident response plans. These tasks involve the following:

  • Complete audits and follow-up on results
  • Timely investigation and action on alerts
  • Conducting penetration test to locate gaps
  • Scanning assets and remediating vulnerabilities

If you lack defense on the infosec playing field, your defensive line up is playing with one arm behind its back, leaving holes in the line that the bad actors can — and will — exploit. Fostering a culture of consistency and reliability will make it hard for them to find holes in your processes, and make you a far less appealing target. 

What’s in your identity playbook for 2021? Join us live for the Saviynt Superbowl Showdown. Up your identity game and get a chance to score with some hot prizes.

Lesson 2: Be a Team Player

It may sound obvious to many, but both football and infosec are team competitions, and it takes a team effort to put points on the board. All-star teams that make it to the big game have spent the time and resources to foster teamwork and interpersonal cohesion. They don’t simply toss a group of players on the field and declare them a team. Instead, by working together and learning to leverage each other’s strengths (and cover their weaknesses), a team can achieve greatness. 

This lesson plays out the same way in the workplace. There is a comradery that forms through working together, but this alone does not make a team. Each member needs to be invested in the team’s success as a whole. Fostering an environment where leadership and mentorship are encouraged will help these bonds form and create a good team foundation. Doing this creates an environment where internal growth can occur and establishes bonds between mentors and mentees.  

 
 

There is an inherent understanding and agreement that everyone on a team does their job to the best of their ability. Unfortunately, every team has individuals that fail to perform at the level required to make it to the big game. But that doesn’t mean you have cut them right away. It is hard to swap players mid-year, and due to the shortage in cybersecurity, it is certainly challenging to hire new talent. By focusing on mentoring and leadership and offering training, you can elevate underperformers and turn them into top players.

With any team, though, there is a time when you need to make cuts. If a team member has a bad attitude, is unwilling to change, or is willfully negligent, it is time to remove them. Having individuals with those issues is like suffering from an on-field injury that will keep you from getting to the red zone. Cut them without hesitation. It will be better to hobble along short-staffed until a suitable free agent is signed than to have black holes of negativity bringing down the team.   

Lesson 3: Practice Like It’s Game Day

A foundational lesson in football is that you should play just as hard at practice as you would in a real game. Putting in the time on the practice field will pay off ten-fold on game day. When it comes to cybersecurity, every day is a game day, and performing at your best is essential. Cybercriminals don’t take a day off, and neither should your team. 

To stay at the top of your game, the team needs to develop good habits and effective incident response procedures that they follow every time. Security software often generates alerts on items that appear normal but still require investigation to verify. Treating every alert as if it were a bonafide attack is essential. 

 

Even when an alert appears to be a false positive, it is vital to follow investigative and incident response procedures. Fortunately modern solutions leverage AI and ML (machine learning) to minimize the number of false positives. This helps fight alert fatigue to ensure your team spends less time with low probability alerts and focuses on alerts with a higher likelihood of being legitimate. Whether an alert is a false flag or not, your team gets to practice handling it.

Ensuring a proper follow up every time helps the team prepare for a big incident. There is no time to be flipping through the incident management procedures when a real attack happens. By practicing them every time, the team is continuously drilling the process. It becomes ingrained in the team, and working together becomes second nature. When your Super Bowl (an actual attack) happens, and it will eventually, they are comfortable with their roles and responsibilities — which makes them prepared to face it. 

Lesson 4: Review the Film

Successful football teams go back after games to review how they performed in the last matchup. The first and obvious lesson in cybersecurity is to study how incidents are managed. Whether there was an actual attack or it was a false positive, this is an opportunity to take a critical look at performance. This evaluation generally takes the form of a brief meeting after the incident. This meeting aims to identify current gaps, streamline processes, and improve the program over time —  providing  a chance to collect feedback and make necessary changes. 

Reviews are an iterative process, and each new incident will come with unique takeaways for improvement. It is crucial that these meetings don’t turn into finger-pointing and name-calling. Instead, objectively identify weaknesses and work as a team to resolve them. If a single person failed to call the right play, use it as an opportunity to share guidance, not place blame.

The other half of this lesson is to keep a close eye on the opposing team’s actions on the field. How did they react? What’s in their playbook? Training your staff in offensive security techniques, watching threat reports, and following “hacker” news is part of staying on top of the security game. 

Being aware of the attacks occurring worldwide and across your industry gives you an advantage. When you understand the competitive plays, you can help your team stay prepared for what’s to come. Once an attack is out in the wild, it will not take long before some bad actor brings something similar to your doorstep. By researching and staying on top of what is going on with the attackers, you can avoid being blindsided.

Play to Win

The primary goal of any infosec team is to win every time, no excuses. And the right approach ensures success on — and off — the field. It requires a combination of the right fundamentals and iterative improvements to your roster and playbook along the way. To recap:

  • Build a solid defense
  • Cultivate the team
  • Consistently follow best practices
  • Review your mistakes and learn from them

Building a solid and well-rounded program is easy on paper, but delivering on these fundamentals every day is challenging. But if you put in the legwork, study the competition, and work as a team, you can significantly improve your odds of beating the other team any given day.